You can exfilter some binary payload for me using the Kryptonite page. However, in some situations you may want to exfilter data on a non-connected computer.
Warnings first on DNS Data Exfiltration
- It works on proxied/firewall computers. Not on airgapped computers.
- It can be used both ways, see e.g. iodine - but not in a stealthy way
- Exfilter a password, a pastebin URL or something short, like a seashells log reference. You’ll get caught when transferring Megabytes.
- Prepare your data - let’s take an example - you want to give me a password and its value is XABF37
- Prepare a URL, namely
- Type it somewhere - kudos if you don’t get logged (somewhere name resolution will happen but where you can delete it after)
The full DNS name will come straight to my inbox. Done.